Splunk is a big data analytics tool where it gathers data from multiple sources, then indexes the obtained data and makes it easier to search, visualize and analyze the data, On June 14th, Splunk released Splunk enterprise version 9.0, where the previous version of Splunk enterprise is found with an arbitrary code execution vulnerability.

Clients were able to deploy forwarder bundles to other deployment clients via the deployment server, in versions of the Splunk Enterprise deployment server that came before version 9.0. In the event that a Universal Forwarder endpoint is compromised by an attacker, they can exploit the vulnerability to run arbitrary code on all other Universal Forwarder endpoints that are subscribed to the deployment server.

The vulnerability is classified as critical with a base score of 10 as per NIST based on CVSS 3.1, and the vulnerability is listed as CVE-2022-32158 in the common vulnerability database.



As a prevention from this vulnerability, Splunk has advised upgrading the Splunk enterprise version to 9.0 or greater and stated that Splunk is working on patches for the previous versions.



CVE- The MITRE Corporation

NIST- National Institute of Standards and Technology

Get in touch

Send us a Message

Looking for general information or have a specific question. Fill the form below or drop
us a line at susan@positka.com.